has anyone ever used MessageChannel to handle communication between a parent and iframe? 

it seems like an elegant abstraction that can bring security advantages but it seems like everyone just uses postMessage

what I learned since asking:

- MessageChannels introduce an additional state so implementing is more complicated than plain ole' postMessage
- MessageChannel still need to be setup with a handshake over postMessage so you still need whatever origin checks you need there
- subsequent communication is private which sounds nice but I don't have a good grasp on when this would come in handy practically. something like an XSS attack that is also subscribing to window message events and stealing that info but hard to reason about especially since the initial setup still requires postMessage

claude saying it's still beneficial but still kinda vague for me

Building @warpcast and @farcaster / dad / like to read, cook, ski, code

extended convo
https://claude.ai/share/05639a6f-bdde-4bcf-83a8-aa49b285e226